Aave Models Up to $230.1M Bad Debt After Kelp’s $292M rsETH Bridge Exploit
Kelp and LayerZero are disputing whether a 1-of-1 DVN setup created the single point of failure.
A $292 million rsETH bridge exploit tied to Kelp DAO has turned into a live solvency and oracle-accounting test for Aave V3. Aave says the attacker used stolen rsETH as collateral to borrow WETH and wstETH, and it has modeled $123.7 million to $230.1 million of potential bad debt depending on how rsETH losses are recognized.
Key Takeaways
- Kelp DAO’s LayerZero-powered bridge lost 116,500 rsETH worth about $292 million on April 18, 2026.
- LayerZero described an attack chain where the DVN’s RPC node list was accessed, two nodes were poisoned, and a DDoS helped push a fake cross-chain message through to an illegitimate signature.
- Aave’s incident analysis says 89,567 rsETH (~$221 million) was posted as Aave V3 collateral to borrow 82,650 WETH and 821 wstETH, leaving the positions at very low health factors.
- Aave modeled scenario-dependent bad debt from roughly $123.7 million to $230.1 million, hinging on whether rsETH losses are socialized uniformly or isolated to L2 rsETH.
Kelp’s $292M rsETH Bridge Exploit Spills Into Aave V3
The bridge loss is already large on its own: 116,500 rsETH, valued around $292 million, was taken from Kelp DAO’s LayerZero-powered cross-chain bridge on April 18, 2026. The market problem is what happened next.
Aave’s incident report lays out the contagion path in plain terms. The attacker supplied 89,567 rsETH (worth about $221 million) as collateral on Aave V3, then borrowed 82,650 WETH and 821 wstETH. Aave flagged the positions as sitting at “very low health factors.”
What stands out here is the structure. The borrowed leg is WETH and wstETH, assets that do not care about rsETH’s accounting drama. If rsETH’s recognized value gaps down through a depeg or haircut, Aave can be left with a collateral hole while the borrowed assets remain owed. That is how a bridge exploit becomes a lending protocol solvency event.
Aave is not presenting a single loss number because it cannot. It framed the downside as scenario-dependent on how rsETH losses are allocated and how the LRTOracle exchange rate is updated. That uncertainty is the whole tradeable surface area.
LayerZero’s DVN Attack Path: RPC List Access, Poisoned Nodes, and DDoS
LayerZero’s incident description focuses on the verification layer that is supposed to stop exactly this kind of cross-chain forgery. In its account, the attacker, described as “likely North Korea’s Lazarus Group,” gained access to the list of RPC nodes used by LayerZero Labs’ decentralized verified network (DVN).
From there, LayerZero said the attacker poisoned two RPC nodes and launched a DDoS attack. The goal was operational, not subtle: overwhelm normal conditions so the DVN accepted a fake cross-chain message, then signed an illegitimate transaction.
For traders, the key detail is where verification failed. A DVN is a message-checking system for cross-chain traffic. An RPC node is the server endpoint that feeds chain data and transaction routing. A DDoS is the blunt instrument that can force systems into degraded modes. Put together, the described path is a classic “control the inputs, then control the decision” sequence.
LayerZero’s narrative also implicitly explains why the downstream damage is so hard to cap. Once a forged message is accepted and executed, the on-chain state changes are real. The unwind becomes an accounting and governance problem, not a pure technical rollback.
The 1-of-1 DVN Dispute: Single Point of Failure vs “Default for New OFT Deployments”
The public fight is about configuration responsibility, but the market impact is about whether this failure mode was structurally avoidable.
LayerZero criticized Kelp DAO’s “1-of-1” DVN configuration as a single point of failure because it lacked independent verification that could have caught a fraudulent cross-chain message. LayerZero’s statement was explicit: “LayerZero and other external parties previously communicated best practices around DVN diversification to Kelp DAO,” and “Despite these recommendations, Kelp DAO chose to utilize a 1/1 DVN configuration.”
Kelp’s rebuttal is equally direct and shifts the blame to defaults and documentation. “The 1-of-1 DVN setup is the configuration documented in LayerZero's documentation and shipped as the default for any new OFT deployment,” Kelp said. It also emphasized the relationship history, writing: “Kelp has operated on LayerZero infrastructure since January 2024 and has maintained an open communication channel with the LayerZero team throughout.”
Kelp added that DVN configuration was discussed during its L2 expansion and that the default setup was “affirmatively confirmed as appropriate” at the time. It framed the next step as joint work: “Establishing a shared and accurate account of what happened is the foundation for making the right fixes together.”
The pattern worth noting is that both sides are arguing about “best practice” versus “default posture.” LayerZero itself characterized 1/1 DVN as a single point of failure. Kelp is arguing that the single point of failure was the shipped baseline for new deployments. That distinction matters because it determines whether the market treats this as an operator mistake or an ecosystem-wide configuration risk.
Triggers Traders Should Track: rsETH Accounting, LRTOracle Updates, and Backstop Activation
Aave’s modeled downside is explicitly a function of rsETH accounting choices that sit outside Aave’s control. Aave said Kelp had not officially announced a loss allocation or recovery plan, and that the realized outcome depends “primarily how rsETH accounting and the LRTOracle exchange rate are updated.”
Aave laid out two scenarios.
Scenario 1 assumes uniform socialization of losses, with around 112,204 rsETH diluting supply equally across chains. Aave modeled this as a 15.12% rsETH depeg and roughly $123.7 million in bad debt. In that scenario, Aave wrote: “Ethereum Core absorbs the largest absolute loss ($91.8M), but its WETH reserve is deep enough that the shortfall remains at 1.54%,” while Mantle takes the highest proportional hit at a 9.54% shortfall due to the smallest WETH reserve relative to rsETH exposure.
Scenario 2 assumes losses are isolated to L2 rsETH, leaving Ethereum mainnet rsETH fully backed. Aave modeled a 73.54% haircut on L2 collateral and $230.1 million in bad debt across L2 markets including Mantle, Arbitrum, and Base WETH markets.
Backstops are also scenario-dependent. Aave said its WETH Umbrella holds $54 million and could serve as an initial backstop in scenario 1. It would not be triggered under scenario 2. Separately, Aave said the Aave DAO has $181 million in assets and has received several commitments from ecosystem participants to support the protocol if bad debt materializes.
The immediate triggers to monitor are straightforward: any official Kelp announcement on loss allocation or recovery, any rsETH accounting changes and LRTOracle exchange-rate updates, and on-chain changes in the attacker’s Aave V3 positions given the “very low health factors.” A final lever is governance and risk response, including whether parameter changes are proposed for rsETH or the affected L2 markets.
Marcus Hale’s Take: This Is a Collateral-Accounting Event Disguised as a Bridge Hack
I’m treating this as two linked incidents with one shared fulcrum: what rsETH is worth inside Aave after the dust settles. The bridge exploit is the ignition. The Aave V3 position is the accelerant. The loss number that matters is not the $292 million headline. It is the impairment that gets recognized against collateral while the WETH and wstETH borrow remains outstanding.
Aave’s own work makes the point. It did not publish a single “expected loss.” It published a range with two discrete accounting regimes. In the uniform-loss case, Aave models a 15.12% depeg and ~$123.7 million of bad debt, with the $54 million WETH Umbrella described as an initial backstop. In the L2-isolated case, it models a 73.54% haircut on L2 collateral and ~$230.1 million of bad debt, and the umbrella is not triggered. Same attacker position, radically different backstop mechanics.
That’s why the Kelp decision tree is now Aave’s risk surface. Aave explicitly said the scenario depends on decisions outside its control, “primarily how rsETH accounting and the LRTOracle exchange rate are updated,” and it noted Kelp had not announced a loss allocation or recovery plan. Until that is resolved, traders are pricing governance and oracle pathways, not just liquidation math.
I see three scenarios worth keeping separate, with clear confirmation points.
Scenario A is the “uniform socialization” path Aave modeled. Confirmation would be an official loss allocation that dilutes rsETH across chains in a way consistent with the 15.12% depeg assumption, plus LRTOracle exchange-rate updates that reflect that impairment. In that world, the umbrella being an initial backstop becomes relevant, and the question shifts to how quickly the system can absorb and distribute the shortfall across markets like Ethereum Core and Mantle.
Scenario B is the “L2-isolated haircut” path. Confirmation would be accounting that keeps Ethereum mainnet rsETH fully backed while imposing a large haircut on L2 rsETH, consistent with Aave’s 73.54% figure. In that world, Aave’s own report says the umbrella is not triggered, and the stress concentrates in L2 markets named in the model: Mantle, Arbitrum, and Base. The second-order effect is that risk management becomes chain-specific, not asset-wide.
Scenario C is the messy middle where loss allocation is delayed or contested, and the attacker’s Aave positions remain at very low health factors while the market tries to infer the oracle path. Confirmation would be continued absence of an official Kelp plan alongside observable on-chain changes in the attacker’s position, including health factor movement, partial liquidations, collateral withdrawals, or additional borrows. That’s the regime where uncertainty itself becomes the driver of liquidity conditions.
My core thesis is simple: Aave’s downside is not a single number yet because the binding constraint is rsETH accounting and oracle recognition, and the thesis is confirmed when Kelp publishes a loss allocation and the LRTOracle exchange rate updates in a way that pins Aave’s outcome to either the 15.12% depeg model or the 73.54% L2 haircut model.
